If you’re experiencing connection issues with your Gateway Load Balancer (GWLB), understanding how it handles TCP connections can help you find a solution. GWLB constantly monitors the state of your TCP connections and closes them after they’ve been idle for a set period, known as the idle timeout. The default idle timeout is 350 seconds, but you can change it anywhere from 60 seconds up to 6,000 seconds to better fit your needs.
Here’s what happens when your connection stays silent past the timeout: if neither the client nor the target sends data for longer than the configured time, GWLB closes that connection and removes it from its flow table. When a new connection is initiated afterward, GWLB treats it as a fresh flow and handles it as a new session. However, if one side of the connection closes (sends a FIN packet), the other side hasn’t responded yet, and the timeout expires in the meantime, GWLB removes that flow. When the delayed FIN packet finally arrives, GWLB no longer recognizes the flow and drops the remaining packets towards your firewall, including any non-SYN packets such as the FIN, which can cause confusion or unexpected behavior.
To prevent these issues, you can take some simple steps:
– Enable TCP keepalive packets on your clients or target servers. This will help reset the idle timer regularly and keep the connection open.
– Adjust the GWLB’s idle timeout setting to match your application’s traffic pattern better. If your applications typically stay silent longer, extending the timeout may help.
– Make sure your applications’ TCP timeout settings are shorter than or align with the GWLB’s idle timeout. Proper tuning ensures smoother handling of connections.
Remember, GWLB does not have a dedicated “half-closed” timeout. It simply relies on the general TCP idle timeout mechanism, which disconnects flows after no traffic is detected for the specified time.
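The keepalive step from the list above, as an added example (not AWS code): it derives keepalive settings from the GWLB idle timeout and applies them to a Python socket. Starting probes at half the timeout, the 10-second interval and the 3 probes are assumptions of this example, and the `TCP_KEEP*` option names are the Linux ones.

```python
import socket

# Values stated on this page: default 350 s, configurable 60-6000 s.
GWLB_DEFAULT_IDLE = 350
GWLB_MIN_IDLE, GWLB_MAX_IDLE = 60, 6000


def keepalive_plan(gwlb_idle_timeout=GWLB_DEFAULT_IDLE, interval=10, probes=3):
    """Return (idle, interval, probes) for a socket whose traffic crosses a GWLB.

    Assumption of this example: the first probe goes out at half the GWLB
    idle timeout, so a lost probe can be retried before the flow is removed.
    """
    if not GWLB_MIN_IDLE <= gwlb_idle_timeout <= GWLB_MAX_IDLE:
        raise ValueError("GWLB idle timeout must be 60-6000 seconds")
    idle = gwlb_idle_timeout // 2
    # The last retry (sent at idle + (probes - 1) * interval) must still
    # leave before the GWLB idle timeout expires.
    if idle + (probes - 1) * interval >= gwlb_idle_timeout:
        raise ValueError("keepalive retries would outlast the GWLB idle timeout")
    return idle, interval, probes


def enable_keepalive(sock, gwlb_idle_timeout=GWLB_DEFAULT_IDLE):
    """Turn on TCP keepalive tuned to stay under the GWLB idle timeout."""
    idle, interval, probes = keepalive_plan(gwlb_idle_timeout)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # Linux option names; platforms that lack them keep their system defaults.
    for name, value in (("TCP_KEEPIDLE", idle),
                        ("TCP_KEEPINTVL", interval),
                        ("TCP_KEEPCNT", probes)):
        opt = getattr(socket, name, None)
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, value)
    return idle, interval, probes


if __name__ == "__main__":
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print(enable_keepalive(s))   # plan for the default 350 s timeout
        print(keepalive_plan(60))    # plan for the shortest configurable timeout
```

Call `enable_keepalive()` on the socket before connecting, and pass the idle timeout actually configured on your GWLB if it differs from the default.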
For more detailed information, you can refer to the official AWS documentation on Gateway Load Balancers and TCP timeout configurations.




